Credential Intelligence Agency: A Threat Intelligence Approach to Mitigate Identity Theft

  • Conference paper
Information Systems Security and Privacy (ICISSP 2020)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1545)

Abstract

With ongoing digitalization, identity data leakage and identity theft are a growing threat to individuals, companies and public security in general. For most existing classes of cyber threats, there exist established techniques and even services that generate valuable threat intelligence feeds; generating feeds about identity breaches, however, has not yet been deeply researched. Although first services for preventing or mitigating identity theft exist, most of them rely heavily on the assumption that the latest leak data has been discovered, yet no comprehensive study is known that examines how this precondition is fulfilled. In this paper, we introduce a new method for generating a threat intelligence feed about identity breaches so that all existing preventive and mitigating services can react in a timely manner. To this end, we develop a system that automatically classifies and extracts threat intelligence information from a large volume of security-related news articles. We show that this approach vastly reduces the manual effort for identity security services and hence increases their efficiency.

Notes

  1. Comodo: https://blog.comodo.com.

  2. GBHackers: https://gbhackers.com/category/data-breach/.

  3. HackRead: https://www.hackread.com/hacking-news.

  4. Help Net Security: https://www.helpnetsecurity.com/view/news/.

  5. Infosecurity-Magazine: https://www.infosecurity-magazine.com/news/.

  6. Security Gladiators: https://securitygladiators.com/internet-security-news/.

  7. Security Week: https://www.securityweek.com.

  8. Techworm: https://www.techworm.net.

  9. The Hacker News: https://thehackernews.com.

  10. Threat Post: https://threatpost.com/blog/.

  11. The Guardian: https://www.theguardian.com/international/.

  12. Information Week: https://www.informationweek.com/.

  13. Naked Security: https://nakedsecurity.sophos.com/.

  14. Trendmicro: https://www.trendmicro.com/vinfo/us/security/news/.

  15. Cyberdefense Magazine: http://www.cyberdefensemagazine.com/category/news/.

Acknowledgements

We thank Christian Bungartz for helpful discussions on the implementation. We thank Faye Jennifer Lee for designing the pretty pictures in Sect. 4.

Author information

Corresponding author

Correspondence to Timo Malderle.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Malderle, T., Boes, F., Muuss, G., Wübbeling, M., Meier, M. (2022). Credential Intelligence Agency: A Threat Intelligence Approach to Mitigate Identity Theft. In: Furnell, S., Mori, P., Weippl, E., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2020. Communications in Computer and Information Science, vol 1545. Springer, Cham. https://doi.org/10.1007/978-3-030-94900-6_6

  • DOI: https://doi.org/10.1007/978-3-030-94900-6_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-94899-3

  • Online ISBN: 978-3-030-94900-6

  • eBook Packages: Computer Science, Computer Science (R0)
